[Snort-users] Help with Misc Large ICMP Packet (snort log)

Wally Hass whass at ...3740...
Wed Oct 10 05:42:10 EDT 2001


Hello,
Our snort log has been kicking these out for a couple of days.  I get about
300 a day from misc addresses spread all over the Internet.  The packed says
to respond to ops at ...3759..., but of course I get no response.  Is this a
false positive of some kind?  I thought at first is monitoring software but
I'm getting so many that I'm starting to wonder.

Thanks in advance.

Wally Hass

[**] MISC Large ICMP Packet [**]
10/10-03:04:34.984262 216.44.45.4 -> 216.217.xx.x
ICMP TTL:239 TOS:0x0 ID:25401 IpLen:20 DgmLen:1020 DF
Type:8  Code:0  ID:22272   Seq:22752  ECHO
6D 61 69 6C 74 6F 3A 6F 70 73 40 64 69 67 69 73  mailto:ops at ...3760...
6C 65 2E 63 6F 6D 20 66 6F 72 20 71 75 65 73 74  le.com for quest
69 6F 6E 73 20 20 20 20 54 68 69 73 20 49 43 4D  ions    This ICM
50 20 45 43 48 4F 20 52 45 51 55 45 53 54 2F 52  P ECHO REQUEST/R
45 50 4C 59 20 69 73 20 70 61 72 74 20 6F 66 20  EPLY is part of
74 68 65 20 72 65 61 6C 2D 74 69 6D 65 20 6E 65  the real-time ne
74 77 6F 72 6B 20 6D 6F 6E 69 74 6F 72 69 6E 67  twork monitoring
70 65 72 66 6F 72 6D 65 64 20 62 79 20 44 69 67  performed by Dig
69 74 61 6C 20 49 73 6C 61 6E 64 20 49 6E 63 2E  ital Island Inc.
20 20 49 74 20 69 73 20 6E 6F 74 20 61 6E 20 61    It is not an a
74 74 61 63 6B 2E 20 20 49 66 20 79 6F 75 20 68  ttack.  If you h
61 76 65 71 75 65 73 74 69 6F 6E 73 20 70 6C 65  avequestions ple
61 73 65 20 63 6F 6E 74 61 63 74 20 6F 70 73 40  ase contact ops@
64 69 67 69 73 6C 65 2E 63 6F 6D 00 00 00 00 00  digisle.com.....
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20011010/e3e8289b/attachment.html>


More information about the Snort-users mailing list